July 11, 2020

Volume X, Number 193

July 10, 2020

Subscribe to Latest Legal News and Analysis

July 09, 2020

Subscribe to Latest Legal News and Analysis

New York Department of Financial Services Issues Guidance Regarding Heightened Cybersecurity Awareness During COVID-19 Pandemic

The New York Department of Financial Services (DFS) recently issued guidance to its regulated entities regarding heightened cybersecurity awareness as a result of the COVID-19 pandemic. DFS described three primary areas of heightened risk during this time: remote working, increased instances of phishing and fraud, and third-party risks.

With respect to remote working, DFS noted several areas of risk created by the shift to remote working. The prospect of more remote workers means additional security risks for all businesses. The DFS guidance focused on reminding regulated entities to use secure connections for remote workers – including the use of multi-factor authentication and VPN connections – to use secure wireless devices, and to provide guidance to employees regarding the secure use of wireless devices and other remote video conferencing tools.

DFS noted that there has been a significant increase in online fraud and phishing attempts and stated that the FBI has reported the use of fake emails purporting to be from the Center for Disease Control and Prevention (CDC), looking for charitable contributions or offering COVID-19 relief checks. DFS stated, “Regulated entities should remind their employees to be alert for phishing and fraud emails, and revisit phishing training and testing at the earliest practical opportunity.”

The third area DFS focused on was third-party risks. DFS suggested that regulated entities should coordinate with critical vendors to determine how they are adequately addressing new risks.

Finally, DFS issued a reminder that under 23 NYCRR Section 500.17(a), covered Cybersecurity Events must be reported to DFS as promptly as possible and within 72 hours at the latest.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 114

TRENDING LEGAL ANALYSIS


About this Author

Deborah A. George, Robinson Cole, Cybersecurity lawyer
Counsel

Deborah George is a member of the firm’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team.

Deb advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters.  She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as  drafting and reviewing contracts, business associate agreements, and data use agreements. ...

401.709.3363